The GPGSM utility included in GnuPG contains a use-after-free
vulnerability that may allow an unauthenticated remote attacker to execute
arbitrary code.

Background

The GNU Privacy Guard, GnuPG, is a free replacement for the PGP suite of
cryptographic software. The GPGSM utility in GnuPG is responsible for
processing X.509 certificates, signatures and encryption as well as
S/MIME messages.